Monthly Archives: April 2014

Episode #177: There and Back Again

Hal finds some old mail

Way, way back after Episode #170 Tony Reusser sent us a follow-up query. If you recall, Episode #170 showed how to change files named "fileaa", "fileab", "fileac", etc to files named "file.001", "file.002", "file.003". Tony's question was how to go back the other way-- from "file.001" to "fileaa", "file.002" to "fileab", and so on.

Why would we want to do this? Heck, I don't know! Ask Tony. Maybe he just wants to torture us to build character. Well we here at Command Line Kung Fu fear no characters, though we may occasionally lose reader emails behind the refrigerator for several months.

The solution is a little scripty, but I did actually type it in on the command line:

    c=1
    for l1 in {a..z}; do
        for l2 in {a..z}; do
            printf -v ext %03d $(( c++ ))
            [[ -f file.$ext ]] && mv file.$ext file$l1$l2 || break 2
        done
    done

There are two nested loops here which work together to create our alphabetic file extensions. $l1 represents the first of the two letters, ranging from 'a' to 'z'. $l2 is the second letter, also ranging from 'a' to 'z'. Put them next to each other and you get "aa", "ab", "ac", etc.

Like Episode #170, I'm using a counter variable named $c to track the numeric file extension. So, for all you computer science nerds, this is a rather weird looping construct because I'm using three different loop control variables. And weird is how I roll.

Inside the loop, I re-use the code from Episode #170 to format $c as our three-digit file extension (saved in variable $ext) and auto-increment $c in the same expression. Then I check to see if "file.$ext" exists. If we have a "file.$ext", then we rename it to "file$l1$l2" ("fileaa", "fileab", etc). If "file.$ext" does not exist, then we've run out of "file.xxx" pieces and we can stop looping. "break 2" breaks out of both enclosing loops and terminates our command line. One subtlety: "||" fires on any failure of the left-hand side, so if the mv itself fails the loop stops there too instead of moving on to the next piece.

And there you go. I hope Tim has as much fun as I did with this. I bet he'd have even more fun if I made him do it in CMD.EXE. Frankly all that PowerShell has made him a bit sloppy...

Tim mails this one in just in time from Abu Dhabi

Wow, CMD huh? That trip to Scriptistan must have made him crazy. I think a CMD version of this would violate the laws of physics.

I'm on the other side of the world looking for Nermal in Abu Dhabi. Technically, it is May 1 here, but since the publication date shows April I think this counts as our April post. At least, that is the story I'm sticking to.

Sadly, I too will have to enter Scriptistan. I have a visa for a long stay on this one. I'll start by using a function to convert a number to Base26. The basis of this function is taken from here. I modified the function so we could add leading A's to adjust the width.

function Convert-ToLetters ([parameter(Mandatory=$true,ValueFromPipeline=$true)][int] $Value, [int]$MinWidth=0) {
    # 1 -> a, 2 -> b, ..., 26 -> z, 27 -> ba: plain base 26 with 'a' as the zero digit
    $currVal = $Value - 1
    $returnVal = ''
    do {
        $returnVal = [string][char]($currVal % 26 + 97) + $returnVal
        $currVal = [int][math]::Floor($currVal / 26)
    } while ($currVal -gt 0)

    # Pad on the left with 'a' (the zero digit) up to the requested minimum width
    return $returnVal.PadLeft($MinWidth, 'a')
}

This allows me to cheat, er, greatly simplify the renaming process.

PS C:\> ls file.* | % { move $_ "file.$(Convert-ToLetters ([int]$_.Extension.Substring(1)) -MinWidth 3)" }

This command will read the files starting with "file.", translate the extension into Base26 (letters), and rename the file. The minimum width is configurable as well, so file.001 could be file.a, file.aa, file.aaa, etc. Also, this version will support more than 26^2 files.
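Both halves of this episode, Hal's nested {a..z} loops and Tim's Convert-ToLetters, turn a counter into letters. As an added example (not code from the episode or from either author), here is a bash version that does the conversion in both directions with base-26 arithmetic, so it generalises beyond the two-letter case in the text to any width and to more than 26^2 pieces. Everything in it is an assumption of this example: the function names num_to_letters, letters_to_num and rename_pieces, the zero-based letter digits ('a' = 0) paired with one-based numeric extensions, and the scratch directory that demo builds with mktemp.

```bash
#!/usr/bin/env bash
# Added example, not code from Episode #177 or #170: both directions of the
# file.001 <-> fileaa renaming with base-26 arithmetic instead of nested
# {a..z} loops, so any width and more than 26^2 pieces work.
# Letters are zero-based base-26 digits ('a' = 0 ... 'z' = 25) and the
# numeric extensions are one-based, so 001 <-> aa, 026 <-> az, 027 <-> ba,
# 676 <-> zz and 677 <-> baa (one letter wider instead of wrapping).
set -u
export LC_ALL=C          # deterministic [a-z] matching and sort order
ALPHABET=abcdefghijklmnopqrstuvwxyz

# num_to_letters N [WIDTH]: 1 -> a, 27 -> ba, left-padded with 'a' to WIDTH letters.
num_to_letters() {
    local n width out=''
    [[ $1 =~ ^[0-9]+$ ]] && (( 10#$1 >= 1 )) ||
        { echo "num_to_letters: expected a positive integer, got '$1'" >&2; return 1; }
    n=$(( 10#$1 - 1 )); width=${2:-1}       # 10# forces decimal: 008 is not octal
    while :; do
        out=${ALPHABET:$(( n % 26 )):1}$out   # least significant digit first
        n=$(( n / 26 ))
        (( n > 0 )) || break
    done
    while (( ${#out} < width )); do out=a$out; done
    printf '%s\n' "$out"
}

# letters_to_num LETTERS: exact inverse; leading 'a's are zero digits, so
# "a", "aa" and "aaa" all map back to 1.
letters_to_num() {
    local s=$1 n=0 i c
    [[ $s =~ ^[a-z]+$ ]] ||
        { echo "letters_to_num: expected lowercase letters, got '$s'" >&2; return 1; }
    for (( i = 0; i < ${#s}; i++ )); do
        c=${s:$i:1}
        n=$(( n * 26 + $(printf '%d' "'$c") - 97 ))   # "'c" yields the ASCII code of c
    done
    printf '%d\n' $(( n + 1 ))
}

# rename_pieces numbers_to_letters DIR [WIDTH]: DIR/file.001 -> DIR/fileaa (Episode #177)
# rename_pieces letters_to_numbers DIR          : DIR/fileaa  -> DIR/file.001 (Episode #170)
# Names that do not look like a piece are skipped, and an existing target is
# never overwritten: a collision is reported instead of silently losing a piece.
rename_pieces() {
    local direction=$1 dir=$2 width=${3:-2} f ext dest n
    for f in "$dir"/file*; do               # glob is expanded before any rename happens
        [[ -f $f ]] || continue
        case $direction in
            numbers_to_letters)
                ext=${f##*/file.}
                [[ $ext =~ ^[0-9]+$ ]] || continue
                dest=$dir/file$(num_to_letters "$ext" "$width") || continue ;;
            letters_to_numbers)
                ext=${f##*/file}
                [[ $ext =~ ^[a-z]+$ ]] || continue
                n=$(letters_to_num "$ext") || continue
                dest=$(printf '%s/file.%03d' "$dir" "$n") ;;
            *)  echo "rename_pieces: unknown direction '$direction'" >&2; return 1 ;;
        esac
        if [[ -e $dest ]]; then
            echo "rename_pieces: $dest already exists, leaving $f alone" >&2
            continue
        fi
        mv -- "$f" "$dest"
    done
}

# demo: build a scratch directory of pieces, rename them and back again.
demo() {
    local dir i
    dir=$(mktemp -d)
    for i in 1 2 26 27 676 677; do
        printf 'piece %d\n' "$i" > "$dir/$(printf 'file.%03d' "$i")"
    done
    rename_pieces numbers_to_letters "$dir" 2
    ls "$dir"    # fileaa fileab fileaz fileba filebaa filezz
    rename_pieces letters_to_numbers "$dir"
    ls "$dir"    # file.001 file.002 file.026 file.027 file.676 file.677
    rm -rf -- "$dir"
}
[[ ${BASH_SOURCE[0]} == "$0" ]] && demo
```

Leading 'a's are zero digits, so the inverse is total ("a", "aa" and "aaa" all map back to 001) and the width is only padding; piece 677 simply gets a three-letter name rather than wrapping. Because bash expands the glob before the loop body runs and the two naming schemes never overlap, renaming in place is safe; an existing target is reported and skipped rather than overwritten, which Hal's one-liner and Tim's move would both silently do.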

Japan Joins the APEC Cross-Border Privacy Rules System

On April 30, 2014, the Asia-Pacific Economic Cooperation (“APEC”) released the Findings Report of the Joint Oversight Panel of the APEC Cross-Border Privacy Rules (“CBPR”) system, confirming that Japan has met the conditions for participation in the CBPRs. Accordingly, Japan has now joined the U.S. and Mexico as a participant in the APEC CBPRs. Canada recently expressed its intent to join the system soon, and other APEC economies are in the process of determining how and when they may join.

Japan submitted its “Notice of Intent to Participate in the CBPR System” to the Joint Oversight Panel in June of 2013. As required by the applicable CBPR governance rules, Japan included in its Notice of Intent a list of 15 Japanese “Privacy Enforcement Authorities” that are members of the APEC Cross-border Privacy Enforcement Arrangement (“CPEA”), and indicated that it intends to make use of at least one APEC-recognized “Accountability Agent.” Accountability Agents are third party organizations that review and certify businesses for participation in the CBPRs. Finally, Japan also provided a description of its domestic laws and enforcement mechanisms that would apply to a Japanese Accountability Agent’s CBPR-related activities, as well as the required “APEC CBPR System Program Requirements Enforcement Map,” which describes how the CBPRs are enforceable under Japanese law.

The APEC CBPR system is a regional, multilateral cross-border data transfer mechanism and enforceable privacy code of conduct developed for businesses by the 21 APEC member economies. The CBPRs implement the nine high-level APEC Privacy Principles set forth in the APEC Privacy Framework. Although all APEC economies have endorsed the system, in order to participate individual APEC economies must officially express their intent to join and satisfy certain requirements.

French Data Protection Authority Discloses Its 2014 Inspection Program

On April 29, 2014, the French Data Protection Authority (“CNIL”) disclosed its annual inspections program, providing an overview of its inspections in 2013 and a list of the inspections it plans to conduct in 2014. Under French data protection law, the CNIL is authorized to collect any useful information in connection with its investigations and access data controllers’ electronic data and data processing programs. Since March 2014, the CNIL also is permitted to collect such information online through remote investigations.

The CNIL reportedly conducted 414 inspections in 2013. Of those, 134 inspections related to closed-circuit television (“CCTV”) monitoring. According to the CNIL, these inspections revealed regular violations of French law concerning the operation of CCTV systems, including the absence of prior notification to the CNIL or authorization by the prefect of the relevant French department, incomplete information provided to individuals, insufficient security measures, and an excessive level of intrusiveness of certain CCTV systems (e.g., where the camera zoom allows an entity to record the inside of a building). The inspections relating to CCTV monitoring resulted in a dozen formal notices issued by the CNIL. In one instance, the CNIL referred the case to the French Public Prosecutor.

The CNIL announced that a target of 550 controls was set for 2014, including 350 on-site inspections and 200 online inspections. These inspections will focus on the following activities:

  • The processing of personal data in the context of the operation of the National Database on Household Credit Repayment Incidents;
  • The management of personal data breaches by telecommunication service providers;
  • The processing of personal data by online social networks;
  • The processing of personal data relating to the payment and recovery of national income tax;
  • The processing of personal data in the context of online payments to combat fraud as well as the retention of banking data; and
  • The processing of personal data in the context of the National Register of Perpetrators of Sexual and Violent Offences.

The CNIL also announced that it will continue to conduct investigations in cooperation with other data protection authorities. In May 2013, the CNIL participated in an initiative of the Global Privacy Enforcement Network called “Internet Privacy Sweep Day,” during which time 19 data protection authorities reviewed online information notices. A similar action will be taken this year, focusing on “Mobile Privacy” (i.e., privacy on mobile terminals).

Finally, the CNIL confirmed its involvement in the future European inspections campaign organized by the Article 29 Working Party regarding the use of cookies. This campaign aims to provide a European overview of cookie practices and to harmonize the positions taken by the European data protection authorities with respect to such practices.

U.S. Court Rules Microsoft Must Release User Data Stored Overseas

On April 25, 2014, a judge in the U.S. District Court for the Southern District of New York ruled that Microsoft must release user data to U.S. law enforcement when issued a search warrant, even if the data is stored outside of the U.S.

The case stems from a search warrant seeking the contents of all emails, records and other information regarding one of Microsoft’s email users. Microsoft complied with the warrant by producing “non-content” information related to the account (which is stored on U.S. servers), but refused to turn over the contents of the emails that are stored on a server in Ireland. The company argued that U.S. courts are not authorized to issue warrants for extraterritorial search and seizure of emails. The judge found that a search warrant for online data is unlike a conventional warrant, stating that if it were treated like a conventional warrant, the burden on the government would be substantial and law enforcement efforts would be impeded.

In a blog post, Microsoft Deputy General Counsel David Howard indicated that Microsoft views the ruling as “the first step toward getting this issue in front of courts that have the authority to correct the government’s longstanding views on the application of search warrants to content stored digitally outside the United States.”

Tiao Discusses Utilities’ Concerns in Sharing Information with the Government

On April 20, 2014, Hunton & Williams partner Paul M. Tiao was featured on Platts Energy Week discussing the importance of the homeland security partnership between electric utility companies and the U.S. government. In the feature, “U.S. Utilities Wary of Sharing Grid Risks,” Tiao talked about the recent leak to The Wall Street Journal of a sensitive internal memo at the Federal Energy Regulatory Commission that revealed potential vulnerabilities in the electricity grid. Tiao said that many utility companies want to work with federal agencies to protect homeland security, but in order to do that, they need to be able to trust the government to protect sensitive information about threats and vulnerabilities. The leak of the memo has undermined that trust.

View the Platts Energy Week feature with Paul Tiao.

HHS Settles Potential HIPAA Violations with Concentra Health Services and QCA Health Plan Inc.

On April 23, 2014, the Department of Health and Human Services (“HHS”) announced settlements with two health care companies stemming from allegations of inadequate information security practices in the wake of investigations involving stolen laptop computers. Concentra Health Services (“Concentra”) and QCA Health Plan Inc. (“QCA”) will collectively pay nearly $2 million to settle the claims.

As reported in Bloomberg BNA, the HHS Office for Civil Rights (“OCR”) opened a compliance review of Concentra after receiving a data breach report that an unencrypted laptop was stolen from one of the company’s facilities. OCR’s investigation found that Concentra had previously recognized that the lack of encryption was a “critical risk,” but the company’s efforts to address the issue were “incomplete and inconsistent over time.” OCR also alleged other insufficient security management processes safeguarding patient information. Concentra agreed to pay $1.7 million and adopt a corrective action plan.

QCA agreed to pay $250,000 and provide HHS with an updated risk analysis and corresponding risk management plan. The company provided OCR with notice of a data breach in 2012 regarding an unencrypted laptop computer that was stolen from a workforce member’s car. OCR’s subsequent investigation led to allegations that the company “failed to comply with multiple requirements” of the HIPAA Privacy and Security Rules from April 2005 to June 2012.

Android.Trojan.Rubobi.A (SmsPiratBot)

Another Android botnet panel dumped recently.
The malware can send and intercept SMS messages from the bots.
Like most Android botnets, it is used mainly to target mobile banking, such as Sberbank (www.sberbank.ru, the largest bank in Russia): in Russia you can transfer money from one card to another card by mobile SMS.
This botnet is sold for $120.

Fake App:
MD5: 2ea5e73653d1454c04ecd48202dcc391

Panel screenshots (not reproduced here): Login, System Stats, Countries, Operators, Task Stats, Task Editor, Blacklist, Stored SMS, Another panel, Structure.

Lame scareware

I found a sample yesterday, downloaded via this URL: skyways.co/play.exe. It is a console application with ugly code, plus scareware and a third-party FakeAV call center.
Everything that follows was so lame that I need to talk about it.


First, the malware checks whether it has been dropped into %SYSTEMROOT%/system/.
If not, it creates a file:

Then you would expect it to write into the newly created file, but no: it adds registry persistence, and does so through the CreateProcess API (oh god, why) instead of RegCreateKey:

Finally it writes the file:

It waits 5 minutes, then displays a message box:
"Your computer's file system has encountered a serious error. Please restart the computer or call support at 1-866-286-6162"

After a reboot, a shutdown is initiated:

And 5 minutes later, the message box again:
I searched the phone number on Google and found this:
"Technicion is an independent provider of on-demand tech support and not affiliated with any third party"

OK, what about the payment page? Just 99.99 without any explanation; even the currency symbol is missing. What a serious site.

And for the story, I tried to call 1-866-286-6162 to insult them and tell them how much I hate their ugly code, but there were no representatives available.

Article 29 Working Party Issues Statement on One-Stop-Shop Within Proposed EU General Data Protection Regulation

On April 16, 2014, the Article 29 Working Party (the “Working Party”) sent a letter (the “Letter”) to Lilian Mitrou, Chair of the Working Group on Information Exchange and Data Protection (the “DAPIX”) of the Council of the European Union, to support a compromise position on the one-stop-shop mechanism within the proposed EU General Data Protection Regulation (the “Proposed Regulation”).

The one-stop-shop mechanism is being discussed in the Council in the context of the ongoing legislative debate on the Proposed Regulation. With the Letter, the Working Party aims to support a compromise between the various positions that have so far been expressed in the Council. The Working Party’s compromise position is set out in a statement (the “Statement”) which was sent to the Council as an annex to the Letter. In the Statement, the Working Party underlines its support for a one-stop-shop mechanism in cases where a data processing operation is carried out in the context of activities of a controller’s or a processor’s establishments in different EU Member States, or where individuals in different EU Member States are affected by a data processing operation. The Working Party considers that this mechanism should not apply to cases of pure national relevance or minor cross-border relevance. Guidance on such minor cross-border cases should be provided by the European Data Protection Board (“EDPB”).

The Working Party considers that, in those cases where the one-stop-shop mechanism applies, the lead supervisory authority (i.e., the supervisory authority in the EU Member State of the main establishment) and the other concerned supervisory authorities should cooperate and reach a consensus on the case. The lead supervisory authority will then have the authority to take the relevant measures against the main establishment of the controller or processor concerned. If they do not reach a consensus, the EDPB should have the authority to impose binding measures. The controller or processor concerned will be required to fulfil and implement the measures imposed by the lead supervisory authority or the EDPB in all of its EU establishments.

In addition, in the Statement, the Working Party also declares its support for the accountability elements of the Proposed Regulation (e.g., the EU-wide establishment of internal data protection officers, data protection impact assessments, privacy by design and privacy by default principles). Finally, the Working Party added to the Letter its advice paper on profiling which was adopted in May 2013, as this topic is currently on the agenda of the DAPIX.

Brazilian President Signs Internet Bill

On April 23, 2014, Brazilian President Dilma Rousseff enacted the Marco Civil da Internet (“Marco Civil”), Brazil’s first set of Internet regulations. The Marco Civil was approved by the Brazilian Senate on April 22, 2014. President Rousseff signed the law at the NETMundial Internet Governance conference in São Paulo, a global multistakeholder event on the future of Internet governance.

As we previously reported, the Marco Civil includes requirements regarding personal data protection and net neutrality. Its data protection and privacy provisions would also apply extraterritorially to foreign online businesses that process data of Brazilian citizens. A controversial provision that would have required data to be stored locally in Brazil was omitted from the final version of the law.

Android/FakeToken.A

OTP forwarder dumped months ago.

Panel screenshots (not reproduced here): Login, Statistics, Bots, Bot, Passwords, Send a command, Commands sent, Apps, Apps builder.

MD5s:
2d4770137ae0b91446fc2f99d9fdb2b0
f629adcfbcdd4622ad75337ec0b1a0ff
dd4ac55df6500352dd2cad340a36a40f
b9f9614775a54aa42f94eedbc4796446
1fababfd02ea09ae924cd0a7dbfb708c
bc8394bc9c6adbcfca3d450ee4ede44a
1cb87e1716c503bf499e529ee90e5b31
6db5cdd2648fcd445481cdfa2f2b065a
2ad6f8b8e4aaf88b024e1ddb99833b79
8bac185b6aff0bec4686b7f4cb1659c8

Panel screenshots (not reproduced here): App settings, Settings.

A second panel, slightly different; it looks like a 'test' one. Screenshots (not reproduced here): Statistics, Phone, Phone search, Settings.

RSA Security also wrote about it here.

Kentucky Enacts Data Breach Notification Law

On April 10, 2014, Kentucky Governor Steve Beshear signed into law a data breach notification statute requiring persons and entities conducting business in Kentucky to notify individuals whose personally identifiable information was compromised in certain circumstances. The law will take effect on July 14, 2014.

Kentucky’s data breach notification law covers “personally identifiable information,” which is defined as an individual’s first name or first initial and last name in combination with any of the following:

  • Social Security number;
  • Driver’s license number; or
  • Account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account.

The breach notification law contains a harm threshold: entities are not required to notify affected Kentucky residents unless the breach “actually causes, or leads the [entity] to reasonably believe has caused or will cause identity theft or fraud.”

The law does not require entities to notify the state Attorney General or any other government agencies, but it does require notice to all consumer reporting agencies and credit bureaus if more than 1,000 residents are to be notified at one time.

Alabama, New Mexico and South Dakota are now the only U.S. states that have not yet enacted a data breach notification law.

View an unofficial copy of the statute.

Article 29 Working Party Issues Guidance on the “Legitimate Interests” Ground in the EU Data Protection Directive

On April 9, 2014, the Article 29 Working Party (the “Working Party”) issued an Opinion on using the “legitimate interests” ground listed in Article 7 of the EU Data Protection Directive 95/46/EC as the basis for lawful processing of personal data. Citing “legitimate interests” as a ground for data processing requires a balancing test, and it may be relied on only if (1) the data processing is necessary for the legitimate interests of the controller (or third parties), and (2) such interests are not overridden by the interests or fundamental rights and freedoms of the data subject. With the Opinion, the Working Party aims to ensure a common understanding of this concept.

First, the Working Party clarifies that the “legitimate interests” balancing test must take into consideration a number of different factors (e.g., the nature of the data, the way the data are being processed). By breaking down the process into several steps and providing practical examples, the Working Party provides detailed guidance on how to carry out this complex assessment. The Working Party also examines the relationship of the “legitimate interests” ground to the other grounds for lawful data processing (e.g., consent), and stresses that the order in which the legal grounds for data processing are listed in Article 7 (with “legitimate interests” being the last on the list) does not mean that the “legitimate interests” criterion should be applied only in exceptional cases, or as a “last resort.”

Second, the Working Party recommends providing guidance on the application of this criterion in the text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). In particular, the Working Party recommends that the Proposed Regulation include a recital that provides a non-exhaustive list of key factors to be considered when applying the balancing test, and a recital stating that data controllers who invoke the “legitimate interests” ground should conduct (and document) the assessment described in the Opinion. Finally, the Working Party recommends adding to the Proposed Regulation a specific requirement for data controllers to explain to data subjects why they believe their interests would not be overridden by the data subjects’ interests, fundamental rights and freedoms. Also, upon request, data controllers should make available to data protection authorities the documentation upon which they based the assessment they have conducted before using “legitimate interests” as the grounds for processing personal data.

Article 29 Working Party Issues Opinion on Surveillance of Electronic Communications for Intelligence and National Security Purposes

On April 10, 2014, the Article 29 Working Party (the “Working Party”) adopted Opinion 04/2014. The Opinion analyzes the implications of electronic surveillance programs on the right to privacy and provides several recommendations for protecting EU personal data in the surveillance context.

Since the Snowden revelations began last year, the Working Party has been expected to release its official point of view on surveillance activities of intelligence services, both in the United States and in the European Union. The Opinion analyzes the mass collection of personal data of EU citizens by both EU and non-EU intelligence services through their surveillance programs. The Opinion concludes that secret, massive and indiscriminate surveillance programs are illegal and cannot be justified by the fight against terrorism or other such threats to national security. The Opinion goes on to recommend several measures, including:

Increased Transparency and Maximizing Public Awareness

The Opinion recommends that EU Member States should be transparent to the greatest extent possible about their involvement in intelligence data collection and sharing programs, at least with their national parliaments and data protection authorities. In addition, the Opinion indicates that individuals should be better informed regarding both the consequences of their use of electronic communications services, and how better to protect themselves. To this end, the Working Party intends to organize a conference in the second half of 2014 bringing together all stakeholders to discuss a possible approach.

Effective and Independent Supervision of Intelligence Services in the EU

The Opinion recommends that EU Member States maintain a coherent legal framework for their intelligence services, including rules on data protection and the transfer of personal data to foreign government authorities. Intelligence services should be subject to effective and independent supervision involving the relevant national data protection authorities.

Improved Data Protection at the EU Level

The Opinion urges EU institutions to ensure that the proposed EU General Data Protection Regulation is adopted in 2014, and to endorse the European Parliament’s proposal for a new Article 43A, which would require informing individuals when access to their data has been given to public authorities in the preceding 12 months. The Opinion also recommends that EU institutions define the concept of national security, and clarify that protecting other countries’ national security is not sufficient to override EU law.

International Protection for EU Residents

Finally, the Opinion recommends expediting negotiations on an international agreement to provide adequate data protection safeguards for individuals in the context of intelligence operations.

The Opinion also reiterates that companies subject to EU law must comply with applicable EU data protection law, and that there is no legal basis for transferring personal data to a foreign government authority for massive and indiscriminate surveillance purposes.

FTC Announces Settlement with Data Brokers for Alleged FCRA Violations

On April 9, 2014, the Federal Trade Commission announced settlements with two data brokers, Instant Checkmate, Inc. (“Instant Checkmate”) and InfoTrack Information Services, Inc. (“InfoTrack”), which sell public record information about consumers. The settlements stem from allegations that Instant Checkmate and InfoTrack violated various provisions of the Fair Credit Reporting Act (“FCRA”). According to the press release, the FTC asserts that the companies violated the FCRA by “providing reports about consumers to users such as prospective employers and landlords without taking reasonable steps to make sure that they were accurate, or without making sure their users had a permissible reason to have them.”

In its complaint against Instant Checkmate, the FTC alleged that, although Instant Checkmate included disclaimers on its website stating that it is not a consumer reporting agency (“CRA”), Instant Checkmate has operated as a CRA because it promoted its consumer reports to users for use in determining eligibility for employment and housing. According to the complaint, Instant Checkmate failed to maintain reasonable procedures to limit the furnishing of consumer reports to the permissible purposes under Section 604 of the FCRA. In addition, Instant Checkmate purportedly failed to (1) follow any reasonable procedures to assure maximum possible accuracy of the information in its reports, and (2) provide the requisite “User Notice” to its clients who purchased consumer reports. Pursuant to the FCRA, a court may award monetary civil penalties of up to $3,500 for each knowing violation of the FCRA.

The consent order, filed in the United States District Court for the Southern District of California, requires Instant Checkmate to:

  • pay $525,000 to the U.S. Treasurer as a civil penalty;
  • refrain from violating relevant provisions of the FCRA;
  • submit a compliance report to the FTC within one year;
  • notify the FTC of any changes in its structure that may affect its compliance with the settlement for three years;
  • create and maintain certain records (e.g., accounting and personnel records as well as consumer complaints and training materials) for three years; and
  • submit compliance reports to the FTC upon request.

In its complaint against InfoTrack, the FTC similarly alleged various violations of the FCRA, including failure to follow reasonable procedures to assure maximum possible accuracy of the consumer reports and to provide “User Notice” and “Furnisher Notice” as required by the FCRA. Specifically, the complaint asserts that InfoTrack’s practices resulted in furnishing consumer reports to employers that included National Sex Offender Registry records of individuals who were not the subject of the inquiry, which led to denied employment opportunities in some instances.

The consent order, filed in the United States District Court for the Northern District of Illinois, includes requirements that InfoTrack:

  • pay $1 million to the U.S. Treasurer as a civil penalty (of which InfoTrack is required to pay only $60,000 as the rest of the penalty is suspended premised on the financial statements of InfoTrack and its corporate officer);
  • within 60 days, notify each consumer who was the subject of a consumer report that included the National Sex Offender Registry records of more than one individual;
  • refrain from violating relevant provisions of the FCRA;
  • submit a compliance report to the FTC within one year;
  • notify the FTC of any changes in its structure that may affect its compliance with the settlement for 20 years;
  • create certain records (e.g., accounting and personnel records as well as consumer complaints and training materials) for 20 years and maintain such records for five years; and
  • submit compliance reports to the FTC upon request.

Article 29 Working Party Opines on the European Commission’s Review of Safe Harbor

On April 10, 2014, the Article 29 Working Party (the “Working Party”) issued a letter (the “Letter”) to Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, expressing its views on the European Commission’s ongoing revision of the EU-U.S. Safe Harbor Framework.

Background

On November 27, 2013, the European Commission published its analysis of the EU-U.S. Safe Harbor Framework and other EU-U.S. data transfers agreements. The analysis included a communication on rebuilding trust in EU-U.S. data flow and another communication regarding the functioning of Safe Harbor. The European Commission concluded that the EU-U.S. Safe Harbor Framework lacked transparency and effective enforcement, and recommended revising the Framework.

On March 12, 2014, the European Parliament adopted a resolution on the U.S. National Security Agency’s surveillance program, calling for the immediate suspension of the Safe Harbor Framework.

Support from the Working Party

In the current Letter, the Working Party expresses its support for the actions taken by both the European Commission and the European Parliament. The Working Party states that it agrees with the European Commission’s recommendations to improve the EU-U.S. Safe Harbor Framework and, in particular, recommendations 12 and 13 which set forth conditions for access by U.S. authorities to data transferred under Safe Harbor. The Working Party also calls for the suspension of the Safe Harbor agreement if the European Commission’s current revision process “does not lead to a positive outcome.” In addition, the Working Party recommends that the European Commission address certain additional elements for improvement (e.g., regarding transparency, onward transfers, redress, data subjects’ rights, access to data by U.S. authorities, security measures) in its ongoing negotiations with the U.S.

FTC Notifies Facebook, WhatsApp of Privacy Obligations in Light of Proposed Acquisition

On April 10, 2014, the Federal Trade Commission announced that the Director of the FTC’s Bureau of Consumer Protection had notified Facebook and WhatsApp Inc., reminding both companies of their obligation to honor privacy statements made to consumers in connection with Facebook’s proposed acquisition of WhatsApp.

In a letter to the companies, Bureau Director Jessica Rich wrote, “WhatsApp has made a number of promises about the limited nature of the data it collects, maintains, and shares with third parties – promises that exceed the protections currently promised to Facebook users. We want to make clear that, regardless of the acquisition, WhatsApp must continue to honor these promises to consumers.”

The letter further noted that the companies could be in violation of Section 5 of the FTC Act if WhatsApp fails to honor its promises after the acquisition is completed, and that Facebook also may be in violation of the FTC’s 2012 order against Facebook, which settled allegations from the FTC that Facebook deceived consumers by making false privacy promises.

Read the related post on the FTC’s Business Center Blog.

Interview with Michael Santarcangelo – Episode 369, Part 1 – April 10, 2014

Michael Santarcangelo is the catalyst leaders rely on to take friction out of communication, connect people to value, free up energy to solve problems and achieve higher levels of performance. He continues to write, speak and train on the structure and system to Effectively Communicate Value, and serves as an advisor to leaders in organizations of all sizes.

ZeusVM and steganography

Months ago, researchers observed an evolution of ZeusVM; time to get back to this family.

For information:
The first ZeusVM sample I've seen using steganography was on 21 November 2013.
The IP of the C&C has Russian origin: 212.44.64.202
A Sutra TDS redirecting to the Nuclear Exploit Pack was pushing the payload; Roman of abuse.ch blacklisted 212.44.64.202 one month later on his ZeuS Tracker.

The first person who publicly wrote about the ZeusVM change is probably Jerome Segura of Malwarebytes.
Currently the latest version I've seen in the wild is 1.0.0.5, and if you want a hash: e4c31d18b92ad6e19cb67be2e38c3bd1 (the sample is fresh as of today).

Let's now have a look at the first server I saw: 212.44.64.202.
Pony, Multilocker, mailers, Grum and an older version of ZeusVM (without steganography) were also hosted on this server, but that's not the topic here.

The filenames of the login scripts and ZeusVM configs were in (transliterated) Russian, like:
borodinskoesrajenie.jpg (http://en.wikipedia.org/wiki/Battle_of_Borodino)
vhodtolkodlyaelfov.php (only elves can enter)
logovoelfov.php (elves' den)
domawniypitomec.php (domestic animal)
jivotnoe.php (animal)
larecotkryt.php (the chest is open)
And so on. Overall, the panel design seems to be back to the original Zeus style (unlike the previous 'generation' of ZeusVM with casper).

Screenshots in the original post show the panel directories /kec/, /luck/, /ass/, /kbot/, /ksks/ and /one/; /two/, /three/ and /four/ are unused.

Now, to decode these ZeusVM images, as described by Jerome, you just need to strip the image data and apply the following steps in order: Base64 decode, RC4 decrypt, VisualDecrypt, UCL decompress.
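As an added illustration of that pipeline (not Jerome's tool nor the original author's code), here is a self-contained Python decoder. It assumes the Base64 blob sits after the JPEG end-of-image marker, that the RC4 key is known, and that the UCL variant is NRV2B (the one the Zeus family has used); the key and the sample "image" are constructed, with the NRV2B stream hand-assembled as four literals, one back-reference and the end marker.

```python
import base64
JPEG_EOI = b"\xff\xd9"  # the Base64 payload is assumed to sit after this marker

def strip_image(data: bytes) -> bytes:
    """Return whatever was appended after the last JPEG end-of-image marker."""
    idx = data.rfind(JPEG_EOI)
    if idx < 0:
        raise ValueError("no JPEG EOI marker found")
    return data[idx + len(JPEG_EOI):]

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; symmetric, so one routine serves encrypt and decrypt."""
    s, j = list(range(256)), 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for c in data:  # keystream byte XOR data byte
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def visual_decrypt(data: bytes) -> bytes:
    """Zeus visualDecrypt: XOR each byte with the previous ciphertext byte, walking backwards."""
    buf = bytearray(data)
    for i in range(len(buf) - 1, 0, -1):
        buf[i] ^= buf[i - 1]
    return bytes(buf)

def visual_encrypt(data: bytes) -> bytes:
    """Inverse of visual_decrypt (forward chained XOR); only used to build the sample."""
    buf = bytearray(data)
    for i in range(1, len(buf)):
        buf[i] ^= buf[i - 1]
    return bytes(buf)

def nrv2b_decompress(src: bytes, max_out: int = 1 << 20) -> bytes:
    """UCL NRV2B (8-bit) decompressor; truncated input raises IndexError."""
    pos, bb, last_m_off, dst = 0, 0, 1, bytearray()
    def getbit() -> int:
        nonlocal pos, bb
        if bb & 0x7F:
            bb <<= 1
        else:  # bit buffer empty: load the next bit-byte (low 1 bit is a sentinel)
            bb, pos = src[pos] * 2 + 1, pos + 1
        return (bb >> 8) & 1
    def next_byte() -> int:
        nonlocal pos
        pos += 1
        return src[pos - 1]
    while True:
        while getbit():  # flag 1: a literal byte follows in the stream
            dst.append(next_byte())
        m_off = 1  # gamma-coded match offset
        while True:
            m_off = m_off * 2 + getbit()
            if getbit():
                break
        if m_off == 2:
            m_off = last_m_off
        else:
            m_off = (m_off - 3) * 256 + next_byte()
            if m_off == 0xFFFFFFFF:
                break  # end-of-stream marker
            m_off += 1
            last_m_off = m_off
        m_len = getbit() * 2 + getbit()
        if m_len == 0:  # long match length, gamma coded
            m_len = 1
            while True:
                m_len = m_len * 2 + getbit()
                if getbit():
                    break
            m_len += 2
        if m_off > 0xD00:
            m_len += 1
        if m_off > len(dst) or len(dst) + m_len + 1 > max_out:
            raise ValueError("corrupt stream: match outside the window")
        start = len(dst) - m_off
        for k in range(m_len + 1):  # byte-wise copy so overlapping matches repeat
            dst.append(dst[start + k])
    return bytes(dst)

def decode_zeusvm_image(image: bytes, rc4_key: bytes) -> bytes:
    """Full pipeline: strip image -> Base64 -> RC4 -> VisualDecrypt -> UCL decompress."""
    blob = base64.b64decode(strip_image(image))
    return nrv2b_decompress(visual_decrypt(rc4(rc4_key, blob)))

# Constructed sample (not a real ZeusVM image): arbitrary key, hand-assembled NRV2B stream
CONSTRUCTED_KEY = b"constructed-rc4-key"
CONSTRUCTED_COMPRESSED = b"\xf7ZEUS\x03\x80\x00\x00\x00\x00\x02\x40\xff"
CONSTRUCTED_IMAGE = (b"\xff\xd8\xff\xe0" + b"\x00" * 16 + JPEG_EOI
                     + base64.b64encode(rc4(CONSTRUCTED_KEY, visual_encrypt(CONSTRUCTED_COMPRESSED))))

if __name__ == "__main__":
    print(decode_zeusvm_image(CONSTRUCTED_IMAGE, CONSTRUCTED_KEY))  # b'ZEUSZEUS'
```

With a real sample you would pass the carrier JPEG bytes and the botnet's RC4 key in place of the constructed values; a wrong key or a non-NRV2B payload shows up as an IndexError or ValueError from the decompressor rather than garbage output.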

Here are some 'malicious' images from 212.44.64.202 (shown in the original post): mix.jpg (four different images), config.jpg, kartamestnosti.jpg, webi_test.jpg, uwliottrekera.jpg, test_vnc2.jpg and x64hook.jpg.

Some configs were made for tests (screenshot in the original post).

Others weren't tests and targeted banks with MiTB. Screenshots in the original post show malicious code injections on a ZeusVM botnet targeting France: a lame webinject, CCGRAB and ATSEngine.

Nowadays more actors are starting to use ZeusVM, like the group that was using the 'private' version of Citadel 3.1.0.0 and the group that was targeting Japan.
Both switched to ZeusVM as an alternative to Citadel.

You can find the samples related to 212.44.64.202 with config and decoded here:
http://temari.fr/vx/ZeusVMs_212.44.64.202.7z

Some other ZeusVM samples (not related to 212.44.64.202):
http://temari.fr/vx/ZeusVMs_v1.0.0.2_v1.0.0.5.7z


FTC and DOJ Issue Antitrust Policy Statement on Cybersecurity

On April 10, 2014, U.S. Department of Justice Deputy Attorney General James Cole and Federal Trade Commission Chair Edith Ramirez announced a joint DOJ and FTC antitrust policy statement on the sharing of cybersecurity information (“Policy Statement”). The Policy Statement, as well as their remarks, emphasize the seriousness of the cybersecurity challenge and the need to improve cybersecurity information sharing. It is another example of the Obama Administration’s efforts to encourage the sharing of information about cybersecurity threats and vulnerabilities.

The Administration’s 2011 omnibus cybersecurity legislative proposal included robust provisions designed to encourage information sharing between private entities and between private entities and the government. The Obama Administration’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity required certain agencies to share classified and unclassified cyber threat information with targeted companies. And, the Department of Homeland Security and the Federal Bureau of Investigation are rapidly expanding programs designed to facilitate the bi-directional sharing of technical cybersecurity information between the government and the private sector. With this Policy Statement, the Administration is attempting to remove an issue that has hindered private-private cybersecurity information sharing.

The Policy Statement points to guidance that the DOJ issued in 2000 to the Electric Power Research Institute (“EPRI”) stating that it had no intention of initiating an enforcement action against EPRI regarding its program to exchange cyber threat and attack information. Although that guidance is over ten years old, it remains the agencies’ current analysis. The Policy Statement highlights three main points:

  • the sharing of cyber threat information can improve efficiency and network security, thereby serving a valuable purpose;
  • the information shared is typically technical in nature. It generally does not involve competitively sensitive information, such as current or future prices; and
  • the exchange of cyber threat information is limited in scope and unlikely to harm competition.

Accordingly, the two agencies conclude that the “properly designed sharing of cyber threat information should not raise antitrust concerns.”

Additional information is available in a Law360 article authored by Hunton & Williams partners Jamillia Padua Ferris and Paul M. Tiao. The article provides analysis of the Policy Statement and further discusses the importance of operational information sharing as a critical element in the fight against cyber threats.

Chinese Postal Bureau Issues Personal Information Protection Rules

In March 2014, the State Postal Bureau of the People’s Republic of China (the “SPBC”) formally issued three rules (the “Rules”) establishing significant requirements regarding the protection of personal information: (1) Provisions on the Management of the Security of Personal Information of Postal and Delivery Service Users (the “Security Provisions”); (2) Provisions on the Reporting and Handling of Security Information in the Postal Sector (the “Reporting and Handling Provisions”); and (3) Provisions on the Management of Undeliverable Express Mail Items (the “Management Provisions”). The Rules, each of which became effective on its date of promulgation, were issued in draft form in November 2013 along with a request for public comment.

The latest versions of the Rules generally retain most of what was contained in the original drafts. No material alterations were made to the personal information protection provisions, although some minor changes were made to the wording and the sequence of certain sentences was changed for conformity. Notably, the Security Provisions:

  • create a coherent framework for information security in postal and express delivery services;
  • define the “personal information of postal and delivery service users” (the “Users’ Information”); and
  • clarify the purpose and scope of application of the Security Provisions and the allocation of responsibilities in the event of information security incidents.

The Security Provisions also take a major step forward in encouraging enterprises to optimize information security management processes and use technical means to reduce the risks of disclosures of Users’ Information.

In addition to alleviating problems arising from the misappropriation of personal information used for postal and express delivery service purposes, the Rules also represent a positive development in China’s data protection legal regime and are the most recent addition to an expanding array of sector-specific regulations governing personal information in China. Companies operating in the postal delivery sector may need to modify and improve their business processes and service strategies to comply with the Rules.

Hunton’s Global Privacy and Cybersecurity Practice Tops Chambers Rankings

Hunton & Williams LLP is pleased to announce that Chambers and Partners has listed the firm’s Global Privacy and Cybersecurity practice in Band 1 in the 2014 Chambers Global guide. This is the sixth consecutive year the firm was top ranked in this category. In addition, the firm was newly ranked in the guide’s inaugural Europe-wide Data Protection section, premiering in the top-tier Band 1.

Chambers Global noted that the firm is “widely considered to be at the cutting edge” of data protection work in the United States, United Kingdom and European markets, with clients that include “major global players in the technology, financial services and retail sectors.” The team provides global privacy and cybersecurity advice to leading global companies and other high-profile clients.

Read the full press release.

Statement: OpenSSL "Heartbleed" and Smoothwall

Some of our customers have been asking about Smoothwall's vulnerability to the "Heartbleed" issue in OpenSSL. We can confirm that our version of OpenSSL is not vulnerable to this issue. Our version of GnuTLS was also upgraded as of update73 to resolve a separate, unrelated SSL vulnerability; the OpenSSL bug is the latest of three recent issues in SSL implementations.

Smoothwall users are protected from Apple's recent bug (linked below) when browsing through the web filter; however, they are not immune to the "Heartbleed" issue where it is present on other websites and services (though a MITM-filtered connection is perhaps marginally harder to attack).

More information on each issue can be found here:
OpenSSL "Heartbleed"
GNUTLS issue
Apple "Goto fail"

Federal Judge Rules on FTC’s Authority to Regulate Data Security

On April 7, 2014, the U.S. District Court for the District of New Jersey issued an opinion in Federal Trade Commission v. Wyndham Worldwide Corporation, allowing the FTC to proceed with its case against the company. Wyndham had argued that the FTC lacks the authority to regulate data security under Section 5 of the FTC Act. The judge rejected Wyndham’s challenge, ruling that the FTC can charge Wyndham with unfair data security practices. The case will continue to be litigated on the issue of whether Wyndham’s data security practices constituted a violation of Section 5.

The FTC first filed suit against Wyndham in June 2012, alleging that Wyndham’s failure to maintain reasonable security contributed to three separate data breaches involving hackers accessing sensitive consumer data. The complaint charged Wyndham with violating the FTC Act by posting misleading representations on the company’s websites regarding how the company safeguarded customer information, and by failing to take reasonable security measures to protect the personal information it collected. Previous enforcement actions by the FTC have typically been settled by consent order; this case is one of the first challenges to the FTC’s authority to regulate data security.

Article 29 Working Party Issues Draft Contractual Clauses for Transfers from EU Data Processors to Non-EU Data Sub-Processors

On March 21, 2014, the Article 29 Working Party (the “Working Party”) issued a Working Document containing draft ad-hoc contractual clauses for transfers of personal data from data processors in the EU to data sub-processors outside the EU (the “Working Document”).

Standard contractual clauses (“SCCs”) are one of the mechanisms that provide a legal basis for complying with the EU restrictions on transferring personal data outside the EU. Currently, however, the existing SCCs apply only to transfers of personal data from data controllers in the EU to data processors outside the EU. Accordingly, the Working Party saw a need for a separate set of contractual clauses to provide a legal basis for transferring personal data from data processors in the EU to other data processors outside the EU.

The Working Document emphasizes that the draft contractual clauses do not constitute an official and finalized set of SCCs that could be used by data processors in the EU to comply with EU legal restrictions on international data transfers. The Working Document is intended to provide advice to the European Commission should it decide to amend or supplement the existing SCCs, and to promote a more uniform approach to applying EU national rules for the authorization of international data transfers.

EU Data Retention Directive Invalidated

On April 8, 2014, the European Court of Justice ruled that the EU Data Retention Directive is invalid because it disproportionately interferes with European citizens’ rights to private life and protection of personal data. The Court’s ruling applies retroactively to the day the Directive entered into force.

The Court criticized that the Directive:

  • applies to all individuals, electronic communications and traffic data without differentiation, limitation or exception;
  • does not contain objective criteria for when data access by national authorities is justified;
  • does not contain objective criteria to determine how long data should be retained – the general minimum and maximum retention periods set out in the Directive do not distinguish between categories of data, persons concerned or the data’s usefulness;
  • does not contain sufficient safeguards against potential abuse and does not ensure irreversible destruction of the data upon expiry of the retention period; and
  • does not explicitly require that the data be retained within the EU, therefore violating the requirement in the EU Charter of Fundamental Rights that compliance control be exercised by independent authorities.

The case was referred to the European Court of Justice by senior Austrian and Irish courts for a preliminary ruling. On December 12, 2013, the Court’s Advocate General delivered his opinion that the Directive is incompatible with the European Charter of Fundamental Rights.

View the full text of the judgment.

Windows Internet Guard

Windows Internet Guard is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Windows Internet Watchdog, Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy and paste this code: 0W000-000B0-00T00-E0021

Interview with Josh Abraham – Episode 368, Part 1 – April 3, 2014

At Praetorian, Josh Abraham is a key member of the technical execution team. In this capacity, he is responsible for leading, directing and executing client-facing engagements that include Praetorian's tactical and strategic service offerings.

Over the years, Josh has become a well-known resource for his contributions to the information security space. An avid researcher and presenter, Josh has spoken at numerous conferences including BlackHat, DefCon, BSides, ShmooCon, The SANS Pentest Summit, Infosec World, SOURCE, CSI, OWASP, LinuxWorld and Comdex.

Interoperability: A Way Forward for Global Privacy

On April 3, 2014, Markus Heyder published an opinion piece on global privacy interoperability in the International Association of Privacy Professionals’ Privacy Perspectives blog, entitled Getting Practical and Thinking Ahead: ‘Interoperability’ is Gaining Momentum. Heyder recently left the Federal Trade Commission to join the Centre for Information Policy Leadership at Hunton & Williams as Vice President and Senior Policy Counselor. During his tenure at the FTC, Heyder spent a significant amount of time working on EU-U.S. Safe Harbor and APEC Cross-Border Privacy Rules (“CBPRs”) issues.

In the opinion piece, Heyder argues that schemes that create “interoperability” between different privacy and legal regimes may be the most practical way forward in terms of delivering consistent privacy protections globally. Such schemes include codes of conduct, privacy seals and marks and similar accountability systems that are negotiated based on shared principles and values among the relevant stakeholders and participants. Existing examples of such interoperability models are the EU-U.S. Safe Harbor Framework, the APEC CBPRs and Binding Corporate Rules.

The recent collaboration by the Article 29 Working Party and the APEC Data Privacy Sub-Group on a document comparing the CBPRs to BCRs (to be used by companies that want to certify under both systems) is evidence of the keen interest in these mechanisms among privacy regulators. At the very least, this collaboration has opened the door to further work toward interoperability between APEC and the EU, and it also may have set an example for similar potential initiatives elsewhere. Given the realities of the global data economy and the associated privacy risks, the pressure to find practical solutions is on the rise. Privacy professionals, regulators and other relevant stakeholders would be well-advised to keep up the current momentum toward creating global interoperability.

Banning the Criminal Background Check Box in San Francisco

As reported in the Hunton Employment & Labor Perspectives Blog:

On February 14, 2014, San Francisco passed the San Francisco Fair Chance Ordinance and became the latest national municipality to “ban the box” and limit the use of criminal background checks in employment hiring decisions. The deadline for San Francisco employers to comply with the San Francisco Fair Chance Ordinance is August 13, 2014. The “ban the box” campaign continues to gain momentum – San Francisco joins other cities (Buffalo, Newark, Philadelphia, and Seattle) and states (Hawaii, Massachusetts, Minnesota, and Rhode Island) that do not allow employers to ask about prior criminal convictions on initial job applications, and similar legislation is currently pending at state and local levels around the United States. We present an overview of the San Francisco Fair Chance Ordinance and recommended best practices for compliance here.

German DPAs Adopt Resolutions on Employee Privacy, Facial Recognition and EU Draft Regulation

On March 28, 2014, the 87th Conference of the German Data Protection Commissioners concluded in Hamburg. This biannual conference provides a private forum for the 17 German state data protection authorities (“DPAs”) and the Federal Commissioner for Data Protection and Freedom of Information, Andrea Voßhoff, to share their views on current issues, discuss relevant cases and adopt Resolutions aimed at harmonizing how data protection law is applied across Germany.

During the Conference, Resolutions concerning the following topics were adopted:

New Employee Data Protection Law Required

The DPAs reiterated their call for a new employee data protection law, particularly since it will still take several years before the proposed General Data Protection Regulation (“Proposed Regulation”) becomes binding in Germany. In their view, in light of the ever-increasing monitoring of employees, the current uncertainties in the Federal Data Protection Act need to be resolved.

Biometric Facial Recognition Online

The growing use and accuracy of facial recognition technologies pose a significant risk to the public’s protected interests. Accordingly, the DPAs emphasized that such technology must meet rigorous legal standards:

  • Consent is the sole applicable legal basis for processing such data if permanent biometric templates for facial recognition are created. The standard for valid consent required here is the same as for the processing of sensitive personal data (i.e., explicit, informed, opt-in consent). The purpose for the processing may not be changed, and it is not possible to obtain consent by reference to general terms and conditions or a privacy policy.
  • Legitimate interest can provide a legal basis for the processing where biometric templates are temporarily created (“for a logical second”) to compare them with existing templates that were created after obtaining valid consent. Temporary templates must be deleted immediately after such comparison, and the data subject must always be sufficiently informed.
  • The storage of biometric templates relating to third parties who cannot provide consent is unlawful.

Future Structure of Data Protection Supervision in Europe

This Resolution concerns the Proposed Regulation’s “One-Stop-Shop” regulatory model, as well as other proposals currently being considered by the European Council. Regarding these proposals, the DPAs outlined certain key elements that should be reflected in the future regulatory model, including:

  • Wherever data subjects in a particular EU member state are affected by data processing, the relevant national DPA should be responsible, regardless of whether the data controller has an establishment in the relevant state or not.
  • The “One-Stop-Shop” principle should apply where a company maintains establishments in several different EU Member States. The DPA responsible for compliance at the company’s headquarters should be the lead authority, and should closely cooperate with the other relevant DPAs, but data subjects should always be free to contact their local DPAs. The lead authority should work toward consensus with the other relevant DPAs.
  • There is no need for a formal, time-limited procedure to obtain EU-wide privacy decisions. Responsibility for data protection compliance should not be shifted to the data protection authorities.

Human Rights and Electronic Communications

Building on their earlier Resolution concerning mass surveillance by the U.S. National Security Agency, the DPAs have provided a more detailed set of measures to be implemented. Their demands, which are listed in an Annex to the Resolution, include:

  • Increased use of encryption technologies in a variety of scenarios;
  • Further development of measures to protect traffic data (including metadata);
  • More anonymous communications products;
  • Development of optional localized Internet routing;
  • Higher encryption standards for mobile communications and restrictions on geolocation;
  • Restriction of cloud computing to trustworthy and certified providers if personal data are processed;
  • Increased use of certified and open source software; and
  • Increased public spending on IT security.

Police Requests for Assistance to Locate Suspects via Social Media

In this detailed Resolution, the DPAs reiterated their position that public authorities using social networks for prosecution purposes is highly problematic, emphasizing that public authorities can only use social networks for prosecutions if the networks fully comply with the provisions of the German Telemedia Act, especially as regards anonymization and pseudonymization.

The previous Conference was held in Bremen in October 2013.

Windows Internet Watchdog

Windows Internet Watchdog is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Windows Web Watchdog, Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy and paste this code: 0W000-000B0-00T00-E0021

The Evolution of Mobile Security

Today, I posted a blog entry to the Oracle Identity Management blog titled Analyzing How MDM and MAM Stack Up Against Your Mobile Security Requirements. In the post, I walk through a quick history of mobile security starting with MDM, evolving into MAM, and providing a glimpse into the next generation of mobile security where access is managed and governed along with everything else in the enterprise. It should be no surprise that's where we're heading but as always I welcome your feedback if you disagree.

Here's a brief excerpt:
Mobile is the new black. Every major analyst group seems to have a different phrase for it but we all know that workforces are increasingly mobile and BYOD (Bring Your Own Device) is quickly spreading as the new standard. As the mobile access landscape changes and organizations continue to lose more and more control over how and where information is used, there is also a seismic shift taking place in the underlying mobile security models.
Mobile Device Management (MDM) was a great first response by an Information Security industry caught on its heels by the overwhelming speed of mobile device adoption. Emerging at a time when organizations were purchasing and distributing devices to employees, MDM provided a mechanism to manage those devices, ensure that rogue devices weren’t being introduced onto the network, and enforce security policies on those devices. But MDM was as intrusive to end-users as it was effective for enterprises.

OCR Releases HIPAA Security Assessment Tool

On March 28, 2014, the Department of Health and Human Services’ (“HHS’”) Office for Civil Rights (“OCR”) released a tool to assist covered entities in complying with the HIPAA Security Rule requirement to conduct a risk assessment. The HIPAA Security Rule obligates covered entities to accurately and thoroughly assess “the potential risks and vulnerabilities to the confidentiality, integrity and availability of electronic protected health information” (“PHI”) they maintain. The tool, which is aimed at small to medium health care providers, was developed jointly by OCR and the HHS Office of the National Coordinator for Health Information Technology (“ONC”), and follows the National Institute of Standards and Technology’s development of a similar toolkit.

The tool contains 156 questions and resources that are designed to help health care providers:

  • Understand the context of each question;
  • Consider the potential impacts to PHI if certain HIPAA Security Rule requirements are not met; and
  • View the actual text of the HIPAA Security Rule.

HHS also developed a user guide and instructional videos to supplement the tool. Health care providers can store their answers and comments in the tool and view their current results at any time.

Upon its release, Susan McAndrew, Deputy Director of OCR’s Division of Health Information Privacy, noted that the tool “will greatly assist providers in performing a risk assessment to meet their obligations under the HIPAA Security Rule” while Karen DeSalvo, National Coordinator for Health Information Technology, commented that “[p]rotecting patients’ protected health information is important to all health care providers and the new tool we are releasing today will help them assess the security of their organizations.”

EEOC and FTC Issue Joint Guidance on Background Checks

As reported in the Hunton Employment & Labor Perspectives Blog, on March 10, 2014, the Federal Trade Commission and the Equal Employment Opportunity Commission issued joint guidance regarding the use of background checks in the employment context. The agencies issued two guidance documents: Background Checks: What Employers Need to Know (which advises employers on their existing legal obligations under both the Fair Credit Reporting Act and federal non-discrimination laws) and Background Checks: What Job Applicants and Employees Should Know (which informs job applicants and employees about their rights with respect to employers running background checks).

Read the full post on the Hunton Employment & Labor Perspectives Blog.

Windows Web Watchdog

Windows Web Watchdog is a fake antivirus. This rogue displays fake alerts to scare users. It replaces Windows AntiBreach Patrol, Windows Antivirus Patrol, Windows Pro Defence Kit, Windows Security Master, Windows Defence Unit, Windows Protection Booster, Windows AntiVirus Booster, Windows AntiVirus Helper, Windows AntiVirus Tool, Windows Antivirus Suite, Windows AntiBreach Helper, Windows AntiBreach Suite, Windows AntiBreach Tool, Windows Paramount Protection, Windows Antivirus Master, Windows Safety Master, Windows Ultimate Booster, Windows Efficiency Kit, Windows Prime Accelerator, Windows Prime Shield, Windows Prime Booster, Windows Virtual Protector, Windows Accelerator Pro, Windows Premium Shield, Windows Efficiency Console, Windows Activity Booster, Windows Warding Module, Windows Active HotSpot, Windows Cleaning Toolkit, Windows Expert Console, Windows Safety Series, Windows Secure Workstation, Windows Anti-Malware Patch, Windows Virtual Security, Windows Antivirus Release, Windows Interactive Safety, Windows Ultimate Safeguard, Windows Antivirus Machine, Windows Active Guard, Windows Security Renewal, Windows Home Patron, Windows Virtual Firewall, Windows Premium Defender, Windows Web Combat, Windows Virtual Angel, Windows Profound Security, Windows Expert Series, Windows Virus Hunter, Windows Web Commander, Windows Interactive Security, Windows Proprietary Advisor, Windows Privacy Extension, Windows Custom Management, Windows Pro Defence, Windows Control Series, Windows Advanced Toolkit, Windows Proactive Safety, Windows Maintenance Guard, Windows Secure Web Patch, Windows Active Defender, Windows Instant Scanner, Windows Privacy Counsel, Windows Custom Safety, Windows Privacy Module, Windows Maintenance Suite, Windows PC Aid, Windows Safety Wizard, Windows TurnKey Console, Windows Malware Firewall, Windows Antivirus Rampart, Windows Ultimate Security Patch, Windows Defence Counsel, Windows Guard Tools, Windows Safety Maintenance, Windows Multi Control System, Windows Pro Safety, Windows Private Shield, Windows Pro Safety Release, Windows Safeguard Upgrade, Windows Secure Surfer, Windows Be-on-Guard Edition, Windows Abnormality Checker, Windows Pro Solutions, Windows Sleek Performance, Windows ProSecurity Scanner, Windows Advanced User Patch, Windows Internet Booster, Windows Pro Web Helper, Windows Daily Adviser, Windows Safety Module, Windows High-End Protection, Windows Recovery Series, Windows Safety Checkpoint, Windows Premium Guard, Windows Efficiency Accelerator, Windows Performance Adviser, Windows Pro Rescuer, Windows Safety Toolkit, Windows Antivirus Care, Windows Guard Solutions, Windows Safety Manager, Windows Antivirus Patch, Windows Protection Unit, Windows Crucial Scanner, Windows Foolproof Protector, Windows Antibreaking System, Windows Component Protector, Windows Cleaning Tools, Windows Stability Maximizer, Windows Processes Accelerator, Windows Efficiency Reservoir, Windows Care Taker, Windows Custodian Utility, Windows Shielding Utility, Windows Warding System, Windows Activity Debugger, Windows First-Class Protector, Windows Trouble Taker, Windows Managing System, Windows Defending Center, Windows Debug Center, Windows No-Risk Agent, Windows Software Saver, Windows Antihazard Helper, Windows AntiHazard Center, Windows Process Director, Windows Guardian Angel, Windows Software Keeper, Windows Problems Stopper, Windows Health Keeper, Windows No-Risk Center, Windows Antihazard Solution, Windows Risk Minimizer, Windows Managing System, Windows Safety Tweaker, Windows Tools Patch, Windows Personal Doctor, Windows Personal Detective, Windows Trojans Sleuth, Windows Malware Sleuth, Windows Trojans Inspector, Windows Attacks Defender, Windows Attacks Preventor, Windows Threats Destroyer, Windows Firewall Constructor, Windows Stability Guard, Windows Basic Antivirus, Windows PRO Scanner, Windows Shield Tool, Windows Telemetry Center, Windows Performance Catalyst, Windows Smart Partner, Windows Smart Warden, Windows Functionality Checker, Windows Protection Master




To register (and help removal), copy and paste this code: 0W000-000B0-00T00-E0021